Facts and screenshots about ANTS 3.0 private

First of all ANTS isn't a normal scanner. It uses a powerful driver and hook system to monitor and observe all files in REALTIME.

It's comparable to a firewall. You can define special system areas of your process, network, file or registry system, and you define a special action that should happen if a process wants to access (read, write, create, delete ...) this area (ask, block, log and so on).

I tried a very small configuration. The ANTS "system firewalls" warn if a process wants to access the Windows or system directory, the Windows startfiles or the registry start keys. The "rule editor" looks something like this:

The last point called "Geschützte Prozesse" (secured processes) is quite interesting for users of a third party security application and for applications which have access to the internet.

All processes listed in "Geschützte Prozesse" can't be killed or modified. You can't inject a DLL or something like this. So most firewall tunneling trojans can't get active if your internet applications are secured in such a way.

It's also quite interesting for anti-virus software, which is often killed by various malware, because secured processes can't be killed via TerminateProcess.

OK, what happens if a trojan runs in such a secured environment? Here is a test with NetBus 1.7:

Firstly, all files will be scanned BEFORE they run. So NetBus will be found:

I think only KAV (AVP) has started to implement behaviour blocking in their product and it is still in very early testing.
Are you using kernel level drivers for the real-time monitoring?
Will ANTS 3 also work on Win98 or only Win2000/XP?

I guess the ANTS 3 beta version is German only?
If you have an English version, I'd be interested in participating in beta testing - if it is possible.

ANTS 3.0 will be available for Windows 95, 98, ME, 2k and XP. The 2k and XP version is ready and was used in this little test.

I use a mix of simple "API hooking" and kernel level drivers.

There are only German beta versions - I think it's more profitable to spend all the time on researching and not on translating in this phase. But as I said, the later betas and release candidates will be available as English versions, too.

First post.
I've been looking forward to Ants3.0 ever since....
because I was/am convinced that it is/will be the best AT app available. However, I am also an Outpost FW beta tester and I can tell you that if Ants acts like a FW then there will probably be a conflict with OP, because OP doesn't get along w/other FWs if they are installed on the same system, even if they aren't active.